Security incidents have been frequent recently; crypto users need to pay attention to 4 core issues.


Author: @cmdefi

"Security" should be the biggest topic in the industry for at least the next 10 years, as it currently faces contradictions at both the decentralized and the centralized end. Taking advantage of the recent discussion on exchange security issues, let's delve into it from the following perspectives:

  1. Asset Sovereignty

  2. Smart Contract Security

  3. Anti-Censorship

  4. Wallet

1/4 Asset Sovereignty

Decentralization is far superior to centralization in terms of asset autonomy, which means that users have complete control over their assets. This was the mainstream narrative during the DeFi Summer period and also the starting point of the massive withdrawal movement at that time.

But as smart contracts are increasingly attacked and authorization thefts occur more frequently, the higher degree of autonomy in asset management does not necessarily equate to greater security. This is because many ordinary users do not possess the ability to identify risks, and managing assets securely on-chain requires a considerable amount of time and experience. As a result, the threshold for autonomous asset management is becoming higher and higher.

So newcomers entering the market will still prioritize entrusting their assets to an exchange or institution. The original intention is to leave professional matters to professionals. Of course, from that point on you also give up the autonomy of your assets in exchange for the custody service provided by centralized institutions.

As the industry has developed to this day, exchanges and on-chain systems basically serve different user groups. Both carry risks, but the risks present themselves differently. On-chain systems give you strong autonomy in managing assets, and you can have 100% ownership of your assets, but this requires sufficient experience and risk management ability. Entrusting an exchange to manage your assets is simple enough, but it may face centralization risks. There is no perfect solution; what matters is to understand clearly where the risks lie and to always treat them with respect.

2/4 Smart Contract Security

"Risk always happens in the unknown."

In addition to asset management, from the perspective of DeFi projects, immutable and permissionless smart contracts are considered decentralized and tamper-proof. However, this does not necessarily mean absolute security. Because smart contract code risks are unpredictable and untestable, if a critical smart contract has a fatal vulnerability and no centralized party can intervene, it is extremely difficult to remedy. Many such cases occurred in the early stages of DeFi.

So how will the security of smart contracts develop in the future? According to the original intention of decentralization, simple smart contracts will first be "hardened" after being tested by time and the market, that is, they will be completely decentralized and tamper-proof. Then the complexity will gradually increase. During this process, some complex projects will inevitably need to set emergency buttons at key points to reduce and recover losses in major events (of course, various permission constraints will usually be used to prevent the risks brought by excessive centralization).

So the security of smart contracts is something that must be experienced and tested over time. Currently, all the FUD about the security of DeFi is actually FUD about the future of the industry. The security issues faced by smart contracts are something that all on-chain projects, whether GameFi or SocialFi, will have to go through in the future. DeFi is simply taking the lead, laying a solid enough foundation ahead of the others so that the path ahead can be smoother.

3/4 Anti-Censorship

Resistance to censorship is an aspect that many people easily overlook, because most people think that they are just trading coins and that simple transactions have little to do with resisting censorship. In fact, once you have experienced it, you will thoroughly realize the importance of resisting censorship, because it is the most direct way to make you feel that without decentralization, your money cannot be 100% yours. I won't go into too much detail here, but anyone with a basic understanding will realize that it is no exaggeration to say that resistance to censorship is the most important part of the decentralization vision.

On this point, which is complementary to asset autonomy, decentralized management is indeed superior to centralized management.

4/4 Wallet

When it comes to storing assets on-chain, we often come across cold wallets, hot wallets, and hardware wallets.

Cold Wallet: Simply put, a cold wallet is a wallet where the private key is created and managed without being connected to the internet. This type of cold wallet can be created by oneself, for example, using an old iPhone to create a cold wallet. There are many tutorials and resources available online. From a personal management perspective, this method has a very high level of security. The only thing you need to pay attention to is not to lose the piece of paper where you record the mnemonic phrase.

Hardware Wallet: First of all, it is not equivalent to a cold wallet. Hardware wallets involve a lot of hardware technology. In general, the generation of private keys is also offline. However, the controversy lies in the fact that the manufacturer of the hardware is also a centralized institution, which may theoretically pose centralization risks. On the other hand, hardware wallets usually have an extra verification step before you perform transactions, similar to security tokens or authentication cards.

Hot Wallet: The hot wallet is the most commonly used wallet in daily life, and it is more convenient and flexible to use. It is often used for on-chain interactions, which increases the number of authorizations and signatures the wallet has given out. In particular, if some upgradable contracts are authorized, there may not be any problem at the moment, but the upgraded contract may bring new risks, laying the groundwork for future trouble.

The use of wallets is usually configured according to individual circumstances. In fact, the security of wallets ultimately depends on the security of private keys and permissions.
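
The hot-wallet point above, that authorizations pile up and that an upgradable spender can change after you approved it, can be checked from a wallet's own event history. The following is an added example, not part of the original post: it replays ERC-20 `Approval` logs to find approvals that are still live, then flags unlimited amounts and spenders whose EIP-1967 implementation slot is set. The addresses, logs and the `storage` mapping (a stand-in for `eth_getStorageAt` results) are constructed sample data.

```python
# Added example: audit a wallet's outstanding ERC-20 approvals from event logs.
# keccak256("Approval(address,address,uint256)")
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
# EIP-1967 storage slot in which a proxy keeps its implementation address
IMPL_SLOT = "0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc"
UNLIMITED = 2**255  # amounts this large are effectively "spend everything"

def word(value):
    """Encode an int as a 32-byte hex word, as topics and log data carry it."""
    return "0x" + format(value, "064x")

def addr(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the last 20."""
    return "0x" + topic[-40:].lower()

def outstanding_approvals(logs, owner):
    """Replay logs in chain order; the latest Approval per (token, spender) wins."""
    live = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        t = log["topics"]
        # ERC-721 Approval shares the topic hash but has 4 topics; skip it.
        if len(t) != 3 or t[0].lower() != APPROVAL_TOPIC or addr(t[1]) != owner.lower():
            continue
        key = (log["address"].lower(), addr(t[2]))
        amount = int(log["data"], 16)
        if amount == 0:
            live.pop(key, None)  # approve(spender, 0) is a revocation
        else:
            live[key] = amount
    return live

def review(logs, owner, storage):
    """Flag unlimited approvals and spenders that are EIP-1967 proxies.
    `storage` maps (contract, slot) -> word, standing in for eth_getStorageAt."""
    return [{"token": token, "spender": spender, "unlimited": amount >= UNLIMITED,
             "upgradable": int(storage.get((spender, IMPL_SLOT), "0x0"), 16) != 0}
            for (token, spender), amount
            in sorted(outstanding_approvals(logs, owner).items())]

# Constructed sample data: addresses, blocks and amounts are made up.
OWNER, TOKEN = "0x" + "aa" * 20, "0x" + "11" * 20
ROUTER, VAULT, OLD = "0x" + "22" * 20, "0x" + "33" * 20, "0x" + "44" * 20
def _log(block, index, spender, amount, owner=OWNER):
    return {"address": TOKEN, "blockNumber": block, "logIndex": index, "data": word(amount),
            "topics": [APPROVAL_TOPIC, word(int(owner, 16)), word(int(spender, 16))]}
SAMPLE_LOGS = [_log(100, 0, ROUTER, 2**256 - 1), _log(101, 3, VAULT, 500),
               _log(102, 1, OLD, 2**256 - 1), _log(110, 0, OLD, 0),
               _log(105, 2, OLD, 7, owner="0x" + "bb" * 20)]
SAMPLE_STORAGE = {(ROUTER, IMPL_SLOT): word(int("0x" + "99" * 20, 16))}
```

An approval that is both unlimited and held by an upgradable spender is the first candidate for revocation or replacement with a bounded amount. Proxies that do not follow EIP-1967 are not detected by the slot check.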
